Cyber beacons: The challenges of new technologies

Share this article:
Cyber beacons: The challenges of new technologies
Cyber beacons: The challenges of new technologies

Information isn't just leaking, it's being broadcast over Web 2.0 mediums, reports Deb Radcliff.

After learning its SecurID authentication product had been accessed by outsiders, security vendor RSA shut down certain social media traffic for several months in 2011 as investigators tracked the origin back to an email. Information gathered to target the recipient was provided freely over social networking sites, what Branden Williams (left), RSA's CTO of marketing, calls “big data mining” by organized bad guys.

“When I look to where the workforce is beaconing sensitive information to criminals and malware, I look to places like Twitter and LinkedIn,” says Williams. “We're living in a world where our entire emerging workforce has grown up online and has been engineered to overshare. Big data miners have taken notice.”

Not only are employees (current and former), partners and contractors beaconing information that can be used in targeted attacks, they also spread product and other intellectual property (IP) over these and many other mediums, such as their online résumés, in blogs, email, Skype, instant and SMS messaging, through misconfigured systems, even search engines, say experts.

Unfortunately, data governance and protections are lacking across most of these channels and mediums. According to an October 2011 survey conducted by the Association of Image and Information Management (AIIM), 65 percent of respondents who had Web 2.0 collaborative environments lacked such controls.

“It used to be that all forms of public communication had to go through sign-off,” says Doug Miles (right), director of market intelligence for AIIM. “Social media, on the other hand, is all about openness and sharing. With one click, the user bypasses all the old controls of brand management, public relations and other approvals, and they're posting who knows what about their organizations.”

Most professionals assigned blogging, Twitter and other communications on behalf of their companies usually go through these checkpoints. Like Williams, they also attend brand/data protection and security training. Since the SecurID breach, RSA has strengthened the social media components in every employee's information security training.

Page 1 of 3
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Features

As EMV deadline looms, industry looks to next ATM attack front

As EMV deadline looms, industry looks to next ...

Next year, EMV migration in the U.S. will inevitability change fraudsters' attack methods.

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

Forward progress: How the Denver Broncos really play defense

Forward progress: How the Denver Broncos really play ...

Off the field, demand for bandwidth and protection from network threats set the ball in motion for the Denver Broncos. Greg Masters reports.